Filtered by vendor Media File Manager Project
Subscribe
Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-19041 | 1 Media File Manager Project | 1 Media File Manager | 2019-02-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Media File Manager plugin 1.4.2 for WordPress allows XSS via the dir parameter of an mrelocator_getdir action to the wp-admin/admin-ajax.php URI. | |||||
| CVE-2018-19040 | 1 Media File Manager Project | 1 Media File Manager | 2019-02-01 | 5.0 MEDIUM | 5.3 MEDIUM |
| The Media File Manager plugin 1.4.2 for WordPress allows directory listing via a ../ directory traversal in the dir parameter of an mrelocator_getdir action to the wp-admin/admin-ajax.php URI. | |||||
| CVE-2018-19042 | 1 Media File Manager Project | 1 Media File Manager | 2019-02-01 | 5.0 MEDIUM | 5.3 MEDIUM |
| The Media File Manager plugin 1.4.2 for WordPress allows arbitrary file movement via a ../ directory traversal in the dir_from and dir_to parameters of an mrelocator_move action to the wp-admin/admin-ajax.php URI. | |||||
| CVE-2018-19043 | 1 Media File Manager Project | 1 Media File Manager | 2019-02-01 | 5.0 MEDIUM | 5.3 MEDIUM |
| The Media File Manager plugin 1.4.2 for WordPress allows arbitrary file renaming (specifying a "from" and "to" filename) via a ../ directory traversal in the dir parameter of an mrelocator_rename action to the wp-admin/admin-ajax.php URI. | |||||